If your password is "password", read on...
PUBLISHED: 12:30 24 April 2019 | UPDATED: 12:43 24 April 2019
A new report shows that many of us don't have secure passwords online. If yours is Liverpool or 123456, you might want to think again.
Two decades ago, who would have guessed that our lives would be ruled by passwords?
I confess to having them written down and kept in a secret place because I have two for work, one to access each of the picture websites of TV channels, three for online ordering, one for the Government Gateway, one for the trains and so on − 29 in all.
But if all of yours are chosen because they are simple to remember, beware, because a survey by the National Cyber Security Centre (NCSC) found that many British internet users did not know the best ways to protect themselves from cybercrime.
People use easily guessed passwords across multiple accounts and this has been highlighted as a major gap in the online security practices of UK internet users.
I do not bank online due to a long-held distrust of sharing sensitive information with anyone or anything. It was a good 10 years before I used an ATM. Even now I run my hands over the machine to check there is nothing sinister about it and shield the PIN keypad from any prying eyes − even my own.
It is always best, I think, to be over-cautious when money is involved.
A four-digit PIN, by the way, has 10,000 combinations so a lucky guess is unlikely.
The findings revealed that only 15% said they knew “a great deal” about how to protect themselves from harmful activity online, while less than half said they always used a strong, separate password for their main email account.
The research, released ahead of the NCSC's CyberUK 2019 conference in Glasgow, also included lists of the most commonly used passwords globally, highlighting the number of easily guessed log-ins still being widely used.
The most used is 123456 which, I should stress, is not one of mine. Nor are the other most frequently chosen − 123456789, qwerty (the first five letters on the top row of the keyboard), the word “password” itself and 1111111.
Knowing how cyber-criminals are always looking to hack into accounts, it is hair-raising that we can be so very trusting. But you can understand the dilemma. On the one hand, we need to feel secure from those who might be intent on accessing our money. On the other hand, we need to feel confident that we can get to our own information. The “forgot your password?” option is a pain because it means thinking up a new one. Sometimes you might think it would be nice to get out more... if only you were not tied to your computer, working out what you wrongly typed in. Did you use completely the wrong password, transpose two letters or did you fail to press the keys properly? You try and count how many dots are on the password and can't because they're too small. There is the option to let websites save your password... but I wouldn't have faith in that so what am I to do?
NCSC technical director Dr Ian Levy said: “We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.
“Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can't guess your password.”
Ashley was revealed to be the most common name used in a password, followed by Michael, Daniel, Jessica and Charlie.
Liverpool was the most common Premier League football team used in a password (other football teams are available), with Blink-182 (who?) the most common music act.
Security researcher Troy Hunt, whose website Have I Been Pwned collects data from breaches so that users can check if any of their accounts have been compromised in cyber attacks, and who helped compile the list, said internet users needed to be more creative in their approach to passwords.
One of the main troubles, I find, is that the prescribed combination of capital and lower case letters, numbers and symbols isn't always easy to type − all that pressing the shift button can and does get me in a muddle. I find myself mouthing the password to make sure the sequence is right... which might also expose me.
There are a number of random password generators available online, but are they safe? Who can we trust?
Well, the one I used suggested I might want to have zW&d$w5VT*9* as a password. Safe? It certainly is − especially from me. There is nothing to make it memorable and, even though I have spent a lifetime learning lines for plays, this particular sequence of unrelated letters, numbers and symbols utterly defeated me. I suspect it would make my accounts inaccessible to everybody except an ace team of Bletchley Park code crackers.